>> beyond googling, looking up friends and acquaintances and data generally on the search engine google is so popular, it has a name, "googling but when it comes to computer snoopg, googling is just the tip of the iceberg. online databases permit prying eyes to peer into divorce records, arrests, lawsuits, business property holdings, personal property holdings, current addresses, phone numbers some engines list maiden names, birth dates and social security numbers. can anyone with a home computer and an internet connection be big brother?

is privacy obsolete? we'll ask evan hendricks and stuart pratt both experts in the collection and usage of information.

>> gentlemen, we will co. is the average person aware of how much -- welcome. the average person aware of how much data is obtainable by the internet? stuart pratt? >> uh-oh, john, i think the lead for the show speaks volumes about how society and our lives have changed, the ability to going lg ourselves, to see what is on the internet is something that tens of millions --. >> you want information it would be the shoe leather factor, you have to retain a private eye, he would have to be hiding behind lampposts and try to get into files now. now it's at your finger tips. >> i don't think that's quite true: there's some information

on the intet net that is easy to get but there's a lot of information controlled under federal laws and is not readily available through a browser on the internet. >> where do you start? you start by going lg? -- googling? i ask you evan hendricks. >> that's the easy thing. but if you pull out your wallet and start buying things, there's no way anyone can realize how much information is available, the property records, divorce records. bank records. >> the googling process will give you names, date of birth, place of birth, mother's maiden name --. >> sometimes, yes. >> if it's listed on at genology page by a relative who loves that. is that the extent of the data? >> it depends on what has been put out about us on those web sites. sometimes if you look at the what the kids are doing with space books they are loading personal information on web sites. all that depends. we need to understand there are

central repositories that have this information. >> let's talk about this i ntelius, do i have that correctly? does it examine every public record on a person for a fee whether it's local government or federal government or state government? >> it's one of many companies that their business is going to all those public records, which were created by taxpayers by the way, putting the information in their own private companies and -- computers and selling it. >> this is what i have that they'll deliver for you for $29.95 or if you want a full write up for $49.95. it will give you up to ten prior addresses and phone numbers for the individual, a maiden name, the age, the current name, the relatives, the roommates, the neighbors -- that's the beginning dossier. if you go further to the larger one you can examine thousands of

private records including any criminal records, any arrests and any jurisdiction no matter how small throughout entire country. isn't that quite incredible? >> well, it is incredible. but i think evan said it just right. a lot of these are public records. john, we are in the middle of, i think, a debate about the extent of the availability of public records. i guess really the question is what kind of public records should remain absolutely public. keep in mind that a public record is fundamental to our democratic ideals. it isn't about pulling data back and saying it should be under the control of government. >> how about judgments or how about divorce records? or how about lawsuits? how about tax liens? these are all available. >> they are. >> and you can get it through this particular web site. the value of your home, facts about the home, small claims court rulings, bankruptcies --. >> all public information.

and flagstaff there is good -- and there is good reason for it being public information. what has changed is where it used to be in a dusty filing cabinet in a kraus, now -- courthouse, now it's in a database and anybody can get it provide they pay a fee. the public companies yank it out of the public ground and there's a fundamental consistency of inaccurate data through the records. you could be judged on information that is not entirely accurate. >> isn't it an invitation to stalking and identity theft? >> let's take a couple of exams, criminal histories. he is right, they used to sit in a dusty file drawer. the problem was the daycare center couldn't find the pedophile record in the dusty file drawer. when you make it national you allow an employer to make sure we know the kind of employee that we're putting in a position of great responsibility.

that's a good outcome. >> if you were going to form a liaison, a partership with a business partner you would want to know. >> absolutely. >> and it would certainly be a legitimate problem. there are -- lawyers, of course turn immediately to this to find out about their client or who is testifying against them and it's a rich resource. journalists examine their sources frequently by going to the net. i'm not sure they want to -- i don't know many journalist who's want to shel out $49.95. they probably poke around for a couple of hours. but the open sesame, the golden key is the social security number. >> the social security number is the first tool of choice if you want to unlock someone's files and it's the first tool of choice for an identity theevment ate loves the thief to get credit in the name of the innocent victim.

>> there are ways for a reasonableibly -- reasonabley clever money maker, that is, someone who wants to make money it's called phishing. that's sends out e-mails, is that correct? >> we're educating consumers. more consumers are learning not to respond to an e-mail saying reenter your password. >> or a bank account perhaps. >> i want to go to the social security number. we believe that an s.s.n. is a sensitive item of information and we believe it should be controlled under a security program. the idea that the social security number is somehow out on the internet without control, available to the general public so that you and i can look at each other's social security numbers that's not where we want to be. >> or used as a student

identifier at a university, bad idea, video stores, bad idea. we need to rollback uses of it. >> what about using your inteshal revenue service number. wouldn't that be a good identifier to substitute for social security and have extremely limited opening of the safe, so to speak, the privacy safe value, or you could use your e.i.n. nurks employee identification number. wouldn't that be better? >> if you have a specific number and they can't use it for other purposes, yes, that would be a step forward. >> evan mentioned socials and accuracy. he talked about accuracy of databases. one of the reasons the social security is used in protected database it's that we have 40 million consumers who move every year in this country. we have three million last names that change due to marriage and divorce. there's a lot of things that change about us. there are databases that consequential like a credit

report where accuracy is paramount and where a social security is part of the building block. a credit report isn't available through the google search. it's controlled under a law called the fair credit reporting act. >> people don't seem to be bothered about giving up personal information. you have match.com it has 50 million subscribers. this is a data service. are you familiar with this? >> absolutely. >> evan i don't want you to commit to saying something you don't want to say, but have you seen it? >> yes. if uconn sent to it there's no invasion of privacy because uconn sent to it. >> you mean anticipation of reward. >> absolutely. >> that would apply to contests or giveaways. >> or going on the jerry springer show. >> you would consent to match.com with a idea of finding a friendly mate a psychological profile of yourself? >> maybe. the world we're starting to live in now that begs the question,

when and where should i put that kind of information out. google by the way --. >> myspace.com it's a favorite of students. >> it is. >> what about google? >> i think consumers are learning through search engines that where i put personal information on to a page of a web site, that information can be found and brought forward in a search. i think that more consumers should understand that because we should take care and protect sensitive personal information about us. that is something we can do and over time we can become more educated. >> we're going to get to this question right now, and -- or in a moment, and that is at government, the role of the government, particularly, is there a zone that the government could prescribe that a -- a hacker or a corporation, a corporate hacker, could not get

into? it would be zoned off and if you did get into it, you would be >> we're joined on the telephone by chairman cliff stearns, chairman of the commerce, trade and consumer protection panel of the united states house of representatives. i would welcome the chairman by notifying him we are here on the set and stuart pratt is with us. he is the president and c.e.o. of consumer data industry association. can you give me some idea, can you volumize how much data is in your association, by the way, stuart? we represent a lot of different models, consumer credit associations --. >> how many --. >> they have probably 250 million credit reports and we're updating four billion data elements a month. >> that's a sizable amount, is it not, evan hendricks who is

editor and publisher of "privacy times". by the way he has written this great book, a great read --. >> named book of the month. >> credit scores and credit reports, how the system work and what you can do. do you want to comment about anything he has said? >> information about social security very valuable. one of the tough things about sit that we don't own data about us. when companies like stuart collects it, they own our names, we don't own them that's why they can traffic in our names. >> when you own a volume of data you can sell it for a subs shal commercial reward. >> it's an extremely lucrative business. >> we have the chairman who was patiently waiting while i introduced the guests at the table. can you tell us what the u.s. government doing is in this general area? >> perhaps a lot of people will remember that choicepoint had a type of breach and lexisnexis

also did as well as lots of people. >> tell us about --. >> i could list the number of people but the bottom line is these breaches mean that people's personal identifiable information is made public and thieves could use it for predatory purposes. one thing that was not mentioned in the discussion i heard you folks talk about was credit cards. a lot of these credit cards are being -- the information is being sold to someone, he uses it for his own benefit, he or she, and lots of times it could be used for nef fairous purposes which goes to some of the concerns we have with the war on terrorism, a lot of people could take credit cards and use it to buy things -- before you stop it. now, near congress, we have a bill that passed out of my subcommittee called -- it's h.r. 4127, it's called the data accountability and trust act. i don't think most americans realize this but right now there's only a few states that

have rules requiring security for personal information, that is, rules that have been standardized, and take into account the size, nature and scope of person's activity, the state of technology, and the entire cost implementing the security procedures. some firms are not spending very much money and others are. this bill that i have passed out in the subcommittee is basically going to establish the rules through the federal trade commission and then we're going to put in penalties in the cases of breaches of information. we're going to have audits by the f.t.c. on information broker security. we put together a whole list of things that these companies must do in the event there's a breach. that is something that the state of california has already done. and they are to be commended. the bill that i have is patterned a little bit after california, but if you have 50

states with 50 different laws it's going to be difficult for comply adequately. so we're putting in a federal standard which we think will be stronger than the states and we'll have protection for the sensitive information. >> isn't it true that corporations have made advances for the private sector in collecting information than does the u.s. government? aren't state gofertz the u.s. government -- the u.s. government requires a warrant for some kinds of information, does it not, whereas, what it does to evade that, we hear, for example, the pentagon which has an enormous snoop potential -- i don't mean to use that word in a bad sense, but let's say monitoring potential, and all college students, i believe, are said to be within the per view of the pentagon. that's obtained through a contract that the pentagon

issues with, i guess, choicepoint? >> it's a different private company but they are basically trying to compile records on students so they can reach out to them and recruit them into the military. >> what do you think of the pentagon having dossiers on every young person in america, mr. chairman? >> i haven't heard that honestly. it's obviously a huge task and i don't think it's being done in the light that you are talking about. i think they are probably trying to identify those individuals that would be a high risk in terms of potential terror to this country, and i think that's what they are concentrating on. i don't think they are going to the average student and developing a dossier. i their doing a scan mechanism to find out is this particular student a u.s. citizen? is he a student from a country which is hos aisle or wants to indicate or has a past history of trying to hurt the united states? those the students they probably

should watch carefully. >> is it engaged in domestic spying with undercover intelligence agencies, spying on churches, anti-bush political organizations and war protests? didn't we have a story on that in the press not too long ago. >> nbc. >> nbc. you don't see your legislation as curk any department or bureau or agency of the u.s. government is that correct? >> that's correct. this is going to the private industry and ultimately to government in how they keep this very sensitivementunt of information on person's activities and requires for the first time to identify to the person in the event there's a breach so you'll get a notification that if choicepoint or lexisnexis or bank of america had a breach as well as banks, timewarner. i've have lists of companies that have had breaches. in some case it's not a breach

that matters because the information is encrypted so it won't hurt anybody n. other cases it's pretty transparent and we need to have rules in place that the individuals be notified and more importantly that security is in place in the corporations to protect itn a manner that is reputable. >> i'm not making the pentagon into a whipping boy, but i have discovered when i -- what i said earlier, it was revealed last year that the pentagon had amassed a database including anti-war protesters which poses, some believe, a great throat our privacy by the pentagon that perhaps the f.b.i. -- the program is called talon. does that cross your jurisdiction or your desk? >> no, it has not. the -- that -- the pentagon is pretty much under the armed services committee or the appropriation commit dwlee deals with fund -- committee that deals with funding for the armed services which is the pentagon.

but i suspect that after 9/11 there has been a hyped up intelligence source. my colleague porter gos who -- goss, who took over the c.i.a., i have talked to him. there's a heightened thought of what to do because of potential terrorism. >> have you heard about the n.s.a. we know about the warrantless eaves dropping and the flap over that. the president seems to not only successfully not been hurt by it, but he comes out a winner because the congress has come away from it because they don't want to appear soft on security. but the n.s.a., it is said, put cookies on those computers that inquierd into the n.s.a. have you heard anything about that? >> no, i know it's cookies are put on my computer all the time. it's not only cookies we had a bill dealing with the spyware and that has not passed.

>> do you think that the federal government is doing enough with this new phenomenon where a person's identity cannot only be penetrated and exhausted but also stolen? >> i think the government does not have in place the legislation. this bill has not passed that i have. we don't have the bill in place dealing with pretexting, protecting information from your cell phone. and i think the government has to pass these and we must get through the political donny brook and pass these. i don't think the federal government is doing enough and i'm hoping this bill and mineac. that is something that the >> bio metric identification means that you stand in front of an instrument and you open your eye and the instrument reads your eye and your receipt in a is -- retina is yours and no one else's and that goes on a card. with that card is the listing of your life, whether or not you have felonies or misdemeanor

arrests or whatever how much money you owe or whatever is necessary to clear you. this identification, for example, instead of focusing on things when you go through a screener in the apartment you are folk -- airport, you are focusing on people. the likelihood that they are terrorists. does this play any role in what we're talking about here today, bio metrics? it assumes that you are going to appear before a machine and we really don't want that if we're placing a telephone call from a -- from a magazine that has a listing of something that we want to buy. do you follow me? >> i don't think t t amemecan people are going to embrace the idea of a holistic card that has all information about me in one single place including a bio metric. you'll find services where i have access to a building because i need access. >> security clearing. >> i don't think you'll see the

american people going all the way down there. >> if it's a telephone you can't make it function. you can't produce the card. the card will not be recognizable over the phone. am i right about that? what about an identity card that is being advocated by some members of the congress. >> there's danger there's as there are with biometrics because that still depends on software to translate it through computers. the software can be spooked. if we think biometrics are the silver bullet and people can steal identify that will make it worse. there's much better ways of this than the silver bullet. >> if that sense we'd be with evan. if you are going down the road, you better do it responsibly. we need the ark tech tou >> you know who scott mcneely is at microsystems? is he a member of youour organization or this company? he is not. he said this in "reason"

magazine, a libertarian magazine, you have zero privacy anyway. get over it. that was his quote in 2004. what is -- what is corporate snooping today? >> we don't see what we're doing as snooping. let me give you a couple of examples. when we -- when our members compile a criminal history record of an individual, it's for employment purposes regulared -- regulated under the fair credit reporting act. it's regulated under federal law and bounded by federal law. we like. that i would also tell you another example, credit reports. credit reports vouch for me. i get my loan. i get my student loans. i buy my house. i buy my cars. i live my life here in the united states because a credit report vouches for me even though a lender has never met me before. sometimes i think we don't see the benefit of the information built into the databases. >> let me talk about -- there's a fundamental corporate snooping

which is that companies like choicepoint will keep records on us and they won't even let us get access to information about us so we can see if it's accurate or not accurate. basically they are keeping secret record systems and that is snooping that is just not consistent with american tradition and something we have to bring an end to. >> corporations sell those records when they amass the dossiers. >> they not only sell them but they can sell them to the government for investigative purposes and surveillance purposes. >> corporate profit. >> absolutely. >> our members are not in the dossier business. our members are --. >> even scott mcneely if i could sit with him and asking questions he would say that's private i'm not going to tell you. >> have you heard of axciom? what is it? i understand they have 1.6 billion names, addresses, phone numbers and other personal

information that a junk mail marketer tried to download after a computer server in 2002 and 2003. does d- that hacker succeed? >> did he not succeed. he got the data and used it for junk mailg. somebody got call. that is ultimately the most important thing for us, evan. there's consequences to the actions. they are a successful company that provides market services for american businesses. it provides employment screening services for american businesses. >> when 9/11 hit they hired wesley clark to go to the government to sell their services to the government. that's an example of this wall crumbling. >> we have no time for this but give me an examine. medical record keeping. if you are in australia and you fall down and nobody knows -- you keel over and nobody knows what your record is, they don't have to call your wife or

children to find out where it is and on and on. while you pass out they press a button with what they find in your wallet and they can find your medical information. it's great. >> i think medical information when fair information practices are applied to it could benefit consumers. >> do the pluses outweigh the minuses? >> it depends. good uses of information are good and bad uses are bad. >> thank you very much. it's a big issue and